Sikur is defining the future of secure communication. Operating globally, it has offices in Latin America, United States, and Europe. Sikur works alongside governments and corporations that believe security is fundamental to the integrity of their work. We believe that security is not only about platforms and digital systems but is a mindset that surrounds every aspect of business.


Tag: Bitcoin

Binance, one of the largest cryptocurrency exchanges in the world, confirmed today that the company lost nearly $41 million in Bitcoin in what appears to be its largest hack to date.

In a statement, Binance’s CEO Changpeng Zhao said the company discovered a “large scale security breach” earlier on May 7, as a result of which hackers were able to steal roughly 7000 bitcoins, which were worth $40.6 million at the time of writing.

News of the hack comes just hours after Zhao tweeted that Binance has “to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple of hours.”

According to the company, malicious attackers used a variety of attack techniques, including phishing and computer viruses, to carry out the intrusion and were able to breach a single BTC hot wallet (a cryptocurrency wallet that’s connected to the Internet), which contained about 2% of the company’s total BTC holdings, and withdraw stolen Bitcoins in a single transaction.

What’s more disturbing is that the company admitted the hackers managed to get their hands on critical user information, such as API keys, two-factor authentication codes, and potentially other information, which is required to log in to a Binance account.

Zhao also warned that “hackers may still control certain user accounts and may use those to influence prices.”

A new piece of ransomware is spreading rapidly across China that has already infected more than 100,000 computers in the last four days as a result of a supply-chain attack… and the number of infected users is continuously increasing every hour.

What’s Interesting? Unlike almost every ransomware malware, the new virus doesn’t demand ransom payments in Bitcoin.

A Supply Chain Attack — According to Chinese cybersecurity and anti-virus firm Velvet Security, attackers added malicious code into the “EasyLanguage” programming software used by a large number of application developers.

The maliciously modified programming software was designed to inject ransomware code into every application and software product compiled through it—another example of a software supply-chain attack to spread the virus rapidly.

The incident occurred over a two-hour period on September 14, with server issues detected three days later and the authorities notified shortly after. The firm is withholding precise details of the attack while the authorities investigate.

Parent company Tech Bureau has reportedly already been hit with two business improvement orders this year and was subsequently forced to sign an agreement with investment group Fisco that will see the firm receive 5bn yen to help replace the lost coins, in exchange for majority ownership.

This is just the latest in a long line of cyber-attacks on Japanese crypto firms. Most famously, Tokyo-based Coincheck lost $530m worth of virtual currency earlier this year.

That could explain why the Financial Services Authority has created a new regulatory framework for such companies operating in Japan — the first of its kind to do so.

However, regulation is not a silver bullet, according to Ilia Kolochenko, CEO and founder of web security company High-Tech Bridge.

“Digital coins are extremely attractive for cyber-criminals who can easily launder them and convert into spendable cash, even in spite of some losses due to ‘transactional commissions’,” he said. “Most of these operations remain technically untraceable and undetectable, granting an absolute impunity to the attackers. Thus, cyber-criminals will readily invest into additional efforts to break in, even if security is properly implemented and maintained.”

The 2018 selloff in cryptocurrencies deepened, wiping out about $42 billion of market value over the weekend and extending this year’s slump in Bitcoin to more than 50 percent.

Some observers pinned the latest retreat on an exchange hack in South Korea, while others pointed to lingering concern over a clampdown on trading platforms in China. Cryptocurrency venues have come under growing scrutiny around the world in recent months amid a range of issues including thefts, market manipulation and money laundering.

Bitcoin has dropped about 12 percent since 5 p.m. New York time on Friday and was trading at $6,756, bringing its decline this year to 53 percent. Most other major virtual currencies also retreated, sending the market value of digital assets tracked by Coinmarketcap.com to a nearly two-month low of $298 billion. At the height of the global crypto-mania in early January, they were worth about $830 billion.

Enthusiasm for virtual currencies has waned partly due to a string of cyber heists, including the nearly $500 million theft from Japanese exchange Coincheck Inc. in late January. While the latest hacking target — a South Korean venue called Coinrail — is much smaller, the news triggered knee-jerk selling, according to Stephen Innes, head of Asia Pacific trading at Oanda Corp. in Singapore.

“This is ‘If it can happen to A, it can happen to B and it can happen to C,’ then people panic because someone is selling,” Innes said.

The slump may have been exacerbated by low market liquidity during the weekend, Innes added.

“The markets are so thinly traded, primarily by retail accounts, that these guys can get really scared out of positions,” he said. “It actually doesn’t take a lot of money to move the market significantly.”

Even though it’s been more than two months and $2.7 million since a major ransomware attack nearly crippled the city of Atlanta, the aftershock continues to impact municipal employees across several departments.

At a 6 June Department of Atlanta Information Management (AIM) meeting, a city official requested an additional $9.5 million to try and correct the affected systems. Infosecurity Magazine attempted to contact AIM but has not received a response.

The city continues to work with private and government partners to understand the full scope of the attack’s impact, but Atlanta’s interim chief information officer, Daphne Rackey, reportedly said that the number of impacted applications is more than 30% of the 424 mission-critical programs. That number “seems to grow every day,” Rackey reportedly told the Atlanta city council.

The attack, which came with the demand for $51,000 worth of Bitcoin that the city said it did not pay, encrypted city files, leaving customers unable to access city applications. Information on current city operations is available to residents, but whether any lost data has been restored is unclear because the city’s website has not updated information on the attack since 30 March.

Several different agencies are said to have told the city council on 6 June that their workplace has yet to return to normal. “This has been painful on many fronts,” Atlanta police chief Erika Shields told WSB-TV in a live interview on 1 June. Referring to the police dashcam data that was lost in the attack, Shields said, “That is lost and will not be recovered. That could compromise potentially a DUI case.”

It’s unclear what has been most painful for the department, however, because Shields also said that she is not overly concerned. “It’s a tool, a useful tool, but the dashcam doesn’t make cases for us.”

One of the most-feared quirks of cryptocurrencies is becoming more of a headache.

Over the past few weeks, rogue operators of some of the computer networks that perform the complex calculations that verify transactions for various coins are attacking their own networks again. This time it’s Bitcoin Gold, an offshoot of the most widely known form of digital money, with a $717 million market capitalization.

Such 51 percent attacks, in which so-called miners gain control of the majority of the network’s computing power to falsify transactions, are generating ill-gotten gains that risk collapsing the value of the coins. Under attack for more than a week, Bitcoin Gold is down about 25 percent since May 18.

Similar attacks have targeted Verge, Monacoin and Electroneum, according to Autonomous Research LLC. To gain power over a coin with a market cap of $500 million, an attacker may need to spend as little as $778 an hour, according to Autonomous.

After all, many of these smaller coins — and there are now more than 1,600 of just the major ones — have ballooned in value, becoming valuable targets for criminals. Some bad actors also may want to torpedo one coin to boost the value of another, Spencer Bogart, partner at Blockchain Capital LLC, said in an email.

The one-year anniversary of WannaCry, the ransomware that disrupted businesses across the globe, is upon us. Since the ransomware attack that impacted an estimated 200,000 computers, new research suggests that organizations across the UK are still struggling to deal with ransomware, none more than those in the healthcare industry.

Over 400 IT decision makers at UK businesses partook in a recently released report from Webroot, which found that a large majority of the respondents (88%) feel better equipped to deal with a ransomware attack. Healthcare organizations are more prone to attacks than other industries, yet 98% of respondents in the healthcare sector said they are better equipped to deal with an attack now than they were one year ago.

That number could indicate a false sense of security, given that 45% of respondents had suffered a ransomware attack. Of those, nearly a quarter (23%) actually paid the ransom. More than half of the healthcare companies polled (52%) admitted to having suffered an attack.

“Organizations still aren’t investing the necessary time and resources in risk mitigation and recovery processes, leaving them with limited options in case of a successful attack. The healthcare industry in particular needs to be very aware of the fact that it is a high-profile target, with valuable data at stake, and take special care to ensure that defenses are in place,” said David Kennerley, director of threat research, Webroot.

In the healthcare sector, multiple attacks hit over one in four (26%) organizations. Of the 400 survey participants, 56% of respondents would consider paying the ransom. That number is smaller for organizations in the healthcare sector, with only 34% saying they would consider paying. Interestingly, only 5% of all those surveyed have stocked Bitcoin should they need to pay a ransom. However, 8% of organizations in the healthcare sector have acquired cryptocurrency.

The cryptocurrency marathon started in 2009 with the initial release of Bitcoin — the first decentralized cryptocurrency. By definition, a decentralized system operates with no servers and each participant is allowed to execute transactions. In the case of the blockchain, each participant also has to perform some system tasks like storing transactional data. A group of participants can even run an alternative version of reality called a fork. This fork would work by the same rules as the original decentralized system but would have a different state.

This diagram illustrates the hierarchical nature of cryptocurrency security:

[Figure: Hierarchical nature of cryptocurrency security. Source: Wallarm Inc.]

The bottom line is, if there is an issue at the first layer in a coin protocol, you will be compromised, regardless of how secure your second and third layers are.

Let’s look into each of the layers separately.

The First Layer: Coins And Tokens

Your security in the world of cryptocurrencies is, first and foremost, based on the security of the protocol. When you are choosing a cryptocurrency you are taking on all the risks related to the protocol. If somebody can identify and exploit protocol flaws, they will compromise the entire network, including you, and it will not matter which exchange or wallet you are using.

With all the talk about buying lambos, and some people making serious money, it’s no surprise that the cryptocurrency world attracts hackers looking for rich targets. Today’s edition of Bitcoin in Brief showcases two typical cases and one atypical response.

Ransomware Hacker Trolled

Aaron Lammer, a cryptocurrency podcaster, got his website hijacked by a hacker demanding ransom. But instead of paying the requested 0.025 bitcoin or calling the police, he decided to have some fun with the criminal.

The hacker left a ‘contact us’ option, which is not as unusual as it might sound because often such schemers need to help victims with the process. The link directed Lammer to the Facebook profile of one Barberousse Mohammed, and so he began trolling him. After Mohammed refused to accept a million pre-sale ICO tokens instead of bitcoin, Lammer tried to lure his hacker into the whole BTC vs. BCH debate by appearing to educate him about the advantages of bitcoin cash. See the entire amusing chat transcript here.

And don’t worry, eventually the website was restored by the hosting service. They said the hacker used a WordPress exploit on a different domain housed under the same user to gain control.

Vertcoin Twitter Hacked

Fake cryptocurrency giveaway scams continue to plague Twitter, with the latest example coming from Vertcoin. Usually the scammers create a new account that looks as close as possible to the real one and reply to all tweets with promises to send back large amounts to anyone that sends them ether. This time they actually took over the official Vertcoin account to promote the scam. Luckily, it appears that only three people actually fell for it and sent BTC to the address before the tweet was taken down.